Purge the AES variant of Dilithium
This commit is contained in:
parent
19033d82fe
commit
b3e99348cd
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -5,7 +5,4 @@
|
||||
EXTRA_DIST += \
|
||||
certs/dilithium/bench_dilithium_level2_key.der \
|
||||
certs/dilithium/bench_dilithium_level3_key.der \
|
||||
certs/dilithium/bench_dilithium_level5_key.der \
|
||||
certs/dilithium/bench_dilithium_aes_level2_key.der \
|
||||
certs/dilithium/bench_dilithium_aes_level3_key.der \
|
||||
certs/dilithium/bench_dilithium_aes_level5_key.der
|
||||
certs/dilithium/bench_dilithium_level5_key.der
|
||||
|
@ -111,9 +111,6 @@ my @fileList_dilithium = (
|
||||
["certs/dilithium/bench_dilithium_level2_key.der", "bench_dilithium_level2_key" ],
|
||||
["certs/dilithium/bench_dilithium_level3_key.der", "bench_dilithium_level3_key" ],
|
||||
["certs/dilithium/bench_dilithium_level5_key.der", "bench_dilithium_level5_key" ],
|
||||
["certs/dilithium/bench_dilithium_aes_level2_key.der", "bench_dilithium_aes_level2_key" ],
|
||||
["certs/dilithium/bench_dilithium_aes_level3_key.der", "bench_dilithium_aes_level3_key" ],
|
||||
["certs/dilithium/bench_dilithium_aes_level5_key.der", "bench_dilithium_aes_level5_key" ],
|
||||
);
|
||||
|
||||
#Sphincs+ Post-Quantum Keys
|
||||
|
119
src/internal.c
119
src/internal.c
@ -2857,27 +2857,6 @@ static WC_INLINE void AddSuiteHashSigAlgo(Suites* suites, byte macAlgo,
|
||||
*inOutIdx += 1;
|
||||
}
|
||||
else
|
||||
if (sigAlgo == dilithium_aes_level2_sa_algo) {
|
||||
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL2_SA_MAJOR;
|
||||
*inOutIdx += 1;
|
||||
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL2_SA_MINOR;
|
||||
*inOutIdx += 1;
|
||||
}
|
||||
else
|
||||
if (sigAlgo == dilithium_aes_level3_sa_algo) {
|
||||
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL3_SA_MAJOR;
|
||||
*inOutIdx += 1;
|
||||
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL3_SA_MINOR;
|
||||
*inOutIdx += 1;
|
||||
}
|
||||
else
|
||||
if (sigAlgo == dilithium_aes_level5_sa_algo) {
|
||||
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL5_SA_MAJOR;
|
||||
*inOutIdx += 1;
|
||||
suites->hashSigAlgo[*inOutIdx] = DILITHIUM_AES_LEVEL5_SA_MINOR;
|
||||
*inOutIdx += 1;
|
||||
}
|
||||
else
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* HAVE_PQC */
|
||||
#ifdef WC_RSA_PSS
|
||||
@ -2957,12 +2936,6 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
|
||||
&idx);
|
||||
AddSuiteHashSigAlgo(suites, no_mac, dilithium_level5_sa_algo, keySz,
|
||||
&idx);
|
||||
AddSuiteHashSigAlgo(suites, no_mac, dilithium_aes_level2_sa_algo, keySz,
|
||||
&idx);
|
||||
AddSuiteHashSigAlgo(suites, no_mac, dilithium_aes_level3_sa_algo, keySz,
|
||||
&idx);
|
||||
AddSuiteHashSigAlgo(suites, no_mac, dilithium_aes_level5_sa_algo, keySz,
|
||||
&idx);
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* HAVE_PQC */
|
||||
}
|
||||
@ -4052,18 +4025,6 @@ static WC_INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsTy
|
||||
*hsType = dilithium_level5_sa_algo;
|
||||
*hashAlgo = sha512_mac;
|
||||
}
|
||||
else if (input[1] == DILITHIUM_AES_LEVEL2_SA_MINOR) {
|
||||
*hsType = dilithium_aes_level2_sa_algo;
|
||||
*hashAlgo = sha512_mac;
|
||||
}
|
||||
else if (input[1] == DILITHIUM_AES_LEVEL3_SA_MINOR) {
|
||||
*hsType = dilithium_aes_level3_sa_algo;
|
||||
*hashAlgo = sha512_mac;
|
||||
}
|
||||
else if (input[1] == DILITHIUM_AES_LEVEL5_SA_MINOR) {
|
||||
*hsType = dilithium_aes_level5_sa_algo;
|
||||
*hashAlgo = sha512_mac;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
break;
|
||||
#endif
|
||||
@ -13028,7 +12989,6 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
|
||||
#endif /* HAVE_PQC */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
case DILITHIUM_LEVEL2k:
|
||||
case DILITHIUM_AES_LEVEL2k:
|
||||
if (ssl->options.minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL2_KEY_SIZE
|
||||
< (word16)ssl->options.minDilithiumKeySz) {
|
||||
@ -13037,7 +12997,6 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL3k:
|
||||
case DILITHIUM_AES_LEVEL3k:
|
||||
if (ssl->options.minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL3_KEY_SIZE
|
||||
< (word16)ssl->options.minDilithiumKeySz) {
|
||||
@ -13046,7 +13005,6 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args)
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL5k:
|
||||
case DILITHIUM_AES_LEVEL5k:
|
||||
if (ssl->options.minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL5_KEY_SIZE
|
||||
< (word16)ssl->options.minDilithiumKeySz) {
|
||||
@ -14416,9 +14374,6 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
case DILITHIUM_LEVEL2k:
|
||||
case DILITHIUM_LEVEL3k:
|
||||
case DILITHIUM_LEVEL5k:
|
||||
case DILITHIUM_AES_LEVEL2k:
|
||||
case DILITHIUM_AES_LEVEL3k:
|
||||
case DILITHIUM_AES_LEVEL5k:
|
||||
{
|
||||
int keyRet = 0;
|
||||
if (ssl->peerDilithiumKey == NULL) {
|
||||
@ -14433,37 +14388,16 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
|
||||
|
||||
if (keyRet == 0) {
|
||||
if (args->dCert->keyOID == DILITHIUM_LEVEL2k) {
|
||||
keyRet = wc_dilithium_set_level_and_sym(
|
||||
ssl->peerDilithiumKey, 2,
|
||||
SHAKE_VARIANT);
|
||||
keyRet = wc_dilithium_set_level(
|
||||
ssl->peerDilithiumKey, 2);
|
||||
}
|
||||
else if (args->dCert->keyOID == DILITHIUM_LEVEL3k) {
|
||||
keyRet = wc_dilithium_set_level_and_sym(
|
||||
ssl->peerDilithiumKey, 3,
|
||||
SHAKE_VARIANT);
|
||||
keyRet = wc_dilithium_set_level(
|
||||
ssl->peerDilithiumKey, 3);
|
||||
}
|
||||
else if (args->dCert->keyOID == DILITHIUM_LEVEL5k) {
|
||||
keyRet = wc_dilithium_set_level_and_sym(
|
||||
ssl->peerDilithiumKey, 5,
|
||||
SHAKE_VARIANT);
|
||||
}
|
||||
else if (args->dCert->keyOID
|
||||
== DILITHIUM_AES_LEVEL2k) {
|
||||
keyRet = wc_dilithium_set_level_and_sym(
|
||||
ssl->peerDilithiumKey, 2,
|
||||
AES_VARIANT);
|
||||
}
|
||||
else if (args->dCert->keyOID
|
||||
== DILITHIUM_AES_LEVEL3k) {
|
||||
keyRet = wc_dilithium_set_level_and_sym(
|
||||
ssl->peerDilithiumKey, 3,
|
||||
AES_VARIANT);
|
||||
}
|
||||
else if (args->dCert->keyOID
|
||||
== DILITHIUM_AES_LEVEL5k) {
|
||||
keyRet = wc_dilithium_set_level_and_sym(
|
||||
ssl->peerDilithiumKey, 5,
|
||||
AES_VARIANT);
|
||||
keyRet = wc_dilithium_set_level(
|
||||
ssl->peerDilithiumKey, 5);
|
||||
}
|
||||
}
|
||||
|
||||
@ -24949,18 +24883,6 @@ static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo)
|
||||
/* Certificate has Dilithium level 5 key, only match with it. */
|
||||
return sigAlgo == dilithium_level5_sa_algo;
|
||||
}
|
||||
if (ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL2) {
|
||||
/* Certificate has Dilithium AES level 2 key, only match with it. */
|
||||
return sigAlgo == dilithium_aes_level2_sa_algo;
|
||||
}
|
||||
if (ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL3) {
|
||||
/* Certificate has Dilithium AES level 3 key, only match with it. */
|
||||
return sigAlgo == dilithium_aes_level3_sa_algo;
|
||||
}
|
||||
if (ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL5) {
|
||||
/* Certificate has Dilithium AES level 5 key, only match with it. */
|
||||
return sigAlgo == dilithium_aes_level5_sa_algo;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* HAVE_PQC */
|
||||
#ifdef WC_RSA_PSS
|
||||
@ -25080,10 +25002,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
if (ssl->pkCurveOID == CTC_DILITHIUM_LEVEL2 ||
|
||||
ssl->pkCurveOID == CTC_DILITHIUM_LEVEL3 ||
|
||||
ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5 ||
|
||||
ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL2 ||
|
||||
ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL3 ||
|
||||
ssl->pkCurveOID == CTC_DILITHIUM_AES_LEVEL5 ) {
|
||||
ssl->pkCurveOID == CTC_DILITHIUM_LEVEL5) {
|
||||
/* Matched Dilithium - set chosen and finished. */
|
||||
ssl->suites->sigAlgo = sigAlgo;
|
||||
ssl->suites->hashAlgo = hashAlgo;
|
||||
@ -25848,9 +25767,6 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|
||||
if (ssl->buffers.keyType == dilithium_level2_sa_algo ||
|
||||
ssl->buffers.keyType == dilithium_level3_sa_algo ||
|
||||
ssl->buffers.keyType == dilithium_level5_sa_algo ||
|
||||
ssl->buffers.keyType == dilithium_aes_level2_sa_algo ||
|
||||
ssl->buffers.keyType == dilithium_aes_level3_sa_algo ||
|
||||
ssl->buffers.keyType == dilithium_aes_level5_sa_algo ||
|
||||
ssl->buffers.keyType == 0) {
|
||||
|
||||
ssl->hsType = DYNAMIC_TYPE_DILITHIUM;
|
||||
@ -25860,28 +25776,13 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
|
||||
}
|
||||
|
||||
if (ssl->buffers.keyType == dilithium_level2_sa_algo) {
|
||||
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
|
||||
2, SHAKE_VARIANT);
|
||||
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 2);
|
||||
}
|
||||
else if (ssl->buffers.keyType == dilithium_level3_sa_algo) {
|
||||
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
|
||||
3, SHAKE_VARIANT);
|
||||
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 3);
|
||||
}
|
||||
else if (ssl->buffers.keyType == dilithium_level5_sa_algo) {
|
||||
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
|
||||
5, SHAKE_VARIANT);
|
||||
}
|
||||
else if (ssl->buffers.keyType == dilithium_aes_level2_sa_algo) {
|
||||
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
|
||||
2, AES_VARIANT);
|
||||
}
|
||||
else if (ssl->buffers.keyType == dilithium_aes_level3_sa_algo) {
|
||||
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
|
||||
3, AES_VARIANT);
|
||||
}
|
||||
else if (ssl->buffers.keyType == dilithium_aes_level5_sa_algo) {
|
||||
ret = wc_dilithium_set_level_and_sym((dilithium_key*)ssl->hsKey,
|
||||
5, AES_VARIANT);
|
||||
ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, 5);
|
||||
}
|
||||
else {
|
||||
/* What if ssl->buffers.keyType is 0? We might want to do something
|
||||
|
122
src/ssl.c
122
src/ssl.c
@ -5244,7 +5244,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
|
||||
#endif /* HAVE_FALCON */
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
case DILITHIUM_LEVEL2k:
|
||||
case DILITHIUM_AES_LEVEL2k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
@ -5252,7 +5251,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL3k:
|
||||
case DILITHIUM_AES_LEVEL3k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
@ -5260,7 +5258,6 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
|
||||
}
|
||||
break;
|
||||
case DILITHIUM_LEVEL5k:
|
||||
case DILITHIUM_AES_LEVEL5k:
|
||||
if (cm->minDilithiumKeySz < 0 ||
|
||||
DILITHIUM_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) {
|
||||
ret = DILITHIUM_KEY_SIZE_E;
|
||||
@ -6251,10 +6248,7 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
|
||||
if ((*keyFormat == 0) ||
|
||||
(*keyFormat == DILITHIUM_LEVEL2k) ||
|
||||
(*keyFormat == DILITHIUM_LEVEL3k) ||
|
||||
(*keyFormat == DILITHIUM_LEVEL5k) ||
|
||||
(*keyFormat == DILITHIUM_AES_LEVEL2k) ||
|
||||
(*keyFormat == DILITHIUM_AES_LEVEL3k) ||
|
||||
(*keyFormat == DILITHIUM_AES_LEVEL5k)) {
|
||||
(*keyFormat == DILITHIUM_LEVEL5k)) {
|
||||
/* make sure Dilithium key can be used */
|
||||
dilithium_key* key = (dilithium_key*)XMALLOC(sizeof(dilithium_key),
|
||||
heap,
|
||||
@ -6265,22 +6259,13 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
|
||||
ret = wc_dilithium_init(key);
|
||||
if (ret == 0) {
|
||||
if (*keyFormat == DILITHIUM_LEVEL2k) {
|
||||
ret = wc_dilithium_set_level_and_sym(key, 2, SHAKE_VARIANT);
|
||||
ret = wc_dilithium_set_level(key, 2);
|
||||
}
|
||||
else if (*keyFormat == DILITHIUM_LEVEL3k) {
|
||||
ret = wc_dilithium_set_level_and_sym(key, 3, SHAKE_VARIANT);
|
||||
ret = wc_dilithium_set_level(key, 3);
|
||||
}
|
||||
else if (*keyFormat == DILITHIUM_LEVEL5k) {
|
||||
ret = wc_dilithium_set_level_and_sym(key, 5, SHAKE_VARIANT);
|
||||
}
|
||||
else if (*keyFormat == DILITHIUM_AES_LEVEL2k) {
|
||||
ret = wc_dilithium_set_level_and_sym(key, 2, AES_VARIANT);
|
||||
}
|
||||
else if (*keyFormat == DILITHIUM_AES_LEVEL3k) {
|
||||
ret = wc_dilithium_set_level_and_sym(key, 3, AES_VARIANT);
|
||||
}
|
||||
else if (*keyFormat == DILITHIUM_AES_LEVEL5k) {
|
||||
ret = wc_dilithium_set_level_and_sym(key, 5, AES_VARIANT);
|
||||
ret = wc_dilithium_set_level(key, 5);
|
||||
}
|
||||
else {
|
||||
/* What if *keyformat is 0? We might want to do something more
|
||||
@ -6313,15 +6298,6 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
|
||||
else if (*keyFormat == DILITHIUM_LEVEL5k) {
|
||||
ssl->buffers.keyType = dilithium_level5_sa_algo;
|
||||
}
|
||||
else if (*keyFormat == DILITHIUM_AES_LEVEL2k) {
|
||||
ssl->buffers.keyType = dilithium_aes_level2_sa_algo;
|
||||
}
|
||||
else if (*keyFormat == DILITHIUM_AES_LEVEL3k) {
|
||||
ssl->buffers.keyType = dilithium_aes_level3_sa_algo;
|
||||
}
|
||||
else if (*keyFormat == DILITHIUM_AES_LEVEL5k) {
|
||||
ssl->buffers.keyType = dilithium_aes_level5_sa_algo;
|
||||
}
|
||||
ssl->buffers.keySz = *keySz;
|
||||
}
|
||||
else {
|
||||
@ -6334,15 +6310,6 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
|
||||
else if (*keyFormat == DILITHIUM_LEVEL5k) {
|
||||
ctx->privateKeyType = dilithium_level5_sa_algo;
|
||||
}
|
||||
else if (*keyFormat == DILITHIUM_AES_LEVEL2k) {
|
||||
ctx->privateKeyType = dilithium_aes_level2_sa_algo;
|
||||
}
|
||||
else if (*keyFormat == DILITHIUM_AES_LEVEL3k) {
|
||||
ctx->privateKeyType = dilithium_aes_level3_sa_algo;
|
||||
}
|
||||
else if (*keyFormat == DILITHIUM_AES_LEVEL5k) {
|
||||
ctx->privateKeyType = dilithium_aes_level5_sa_algo;
|
||||
}
|
||||
ctx->privateKeySz = *keySz;
|
||||
}
|
||||
|
||||
@ -6721,9 +6688,6 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
case CTC_DILITHIUM_LEVEL2:
|
||||
case CTC_DILITHIUM_LEVEL3:
|
||||
case CTC_DILITHIUM_LEVEL5:
|
||||
case CTC_DILITHIUM_AES_LEVEL2:
|
||||
case CTC_DILITHIUM_AES_LEVEL3:
|
||||
case CTC_DILITHIUM_AES_LEVEL5:
|
||||
WOLFSSL_MSG("Dilithium cert signature");
|
||||
if (ssl)
|
||||
ssl->options.haveDilithiumSig = 1;
|
||||
@ -6776,10 +6740,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
#ifdef HAVE_DILITHIUM
|
||||
else if (cert->keyOID == DILITHIUM_LEVEL2k ||
|
||||
cert->keyOID == DILITHIUM_LEVEL3k ||
|
||||
cert->keyOID == DILITHIUM_LEVEL5k ||
|
||||
cert->keyOID == DILITHIUM_AES_LEVEL2k ||
|
||||
cert->keyOID == DILITHIUM_AES_LEVEL3k ||
|
||||
cert->keyOID == DILITHIUM_AES_LEVEL5k) {
|
||||
cert->keyOID == DILITHIUM_LEVEL5k) {
|
||||
ssl->options.haveDilithiumSig = 1;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
@ -6826,10 +6787,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
#ifdef HAVE_DILITHIUM
|
||||
else if (cert->keyOID == DILITHIUM_LEVEL2k ||
|
||||
cert->keyOID == DILITHIUM_LEVEL3k ||
|
||||
cert->keyOID == DILITHIUM_LEVEL5k ||
|
||||
cert->keyOID == DILITHIUM_AES_LEVEL2k ||
|
||||
cert->keyOID == DILITHIUM_AES_LEVEL3k ||
|
||||
cert->keyOID == DILITHIUM_AES_LEVEL5k) {
|
||||
cert->keyOID == DILITHIUM_LEVEL5k) {
|
||||
ctx->haveDilithiumSig = 1;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
@ -6972,9 +6930,6 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
|
||||
case DILITHIUM_LEVEL2k:
|
||||
case DILITHIUM_LEVEL3k:
|
||||
case DILITHIUM_LEVEL5k:
|
||||
case DILITHIUM_AES_LEVEL2k:
|
||||
case DILITHIUM_AES_LEVEL3k:
|
||||
case DILITHIUM_AES_LEVEL5k:
|
||||
/* Dilithium is fixed key size */
|
||||
keySz = DILITHIUM_MAX_KEY_SIZE;
|
||||
if (ssl && !ssl->options.verifyNone) {
|
||||
@ -9465,74 +9420,32 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
|
||||
#endif
|
||||
|
||||
if (wc_dilithium_init(dilithium) == 0) {
|
||||
/* Test if Dilithium key. Try all levels for both SHAKE and AES */
|
||||
/* Test if Dilithium key. Try all levels. */
|
||||
if (priv) {
|
||||
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 2,
|
||||
SHAKE_VARIANT) == 0 &&
|
||||
isDilithium = wc_dilithium_set_level(dilithium, 2) == 0 &&
|
||||
wc_dilithium_import_private_only(mem,
|
||||
(word32)memSz, dilithium) == 0;
|
||||
if (!isDilithium) {
|
||||
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 3,
|
||||
SHAKE_VARIANT) == 0 &&
|
||||
isDilithium = wc_dilithium_set_level(dilithium, 3) == 0 &&
|
||||
wc_dilithium_import_private_only(mem,
|
||||
(word32)memSz, dilithium) == 0;
|
||||
}
|
||||
if (!isDilithium) {
|
||||
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 5,
|
||||
SHAKE_VARIANT) == 0 &&
|
||||
wc_dilithium_import_private_only(mem,
|
||||
(word32)memSz, dilithium) == 0;
|
||||
}
|
||||
if (!isDilithium) {
|
||||
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 2,
|
||||
AES_VARIANT) == 0 &&
|
||||
wc_dilithium_import_private_only(mem,
|
||||
(word32)memSz, dilithium) == 0;
|
||||
}
|
||||
if (!isDilithium) {
|
||||
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 3,
|
||||
AES_VARIANT) == 0 &&
|
||||
wc_dilithium_import_private_only(mem,
|
||||
(word32)memSz, dilithium) == 0;
|
||||
}
|
||||
if (!isDilithium) {
|
||||
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 5,
|
||||
AES_VARIANT) == 0 &&
|
||||
isDilithium = wc_dilithium_set_level(dilithium, 5) == 0 &&
|
||||
wc_dilithium_import_private_only(mem,
|
||||
(word32)memSz, dilithium) == 0;
|
||||
}
|
||||
} else {
|
||||
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 2,
|
||||
SHAKE_VARIANT) == 0 &&
|
||||
isDilithium = wc_dilithium_set_level(dilithium, 2) == 0 &&
|
||||
wc_dilithium_import_public(mem, (word32)memSz,
|
||||
dilithium) == 0;
|
||||
if (!isDilithium) {
|
||||
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 3,
|
||||
SHAKE_VARIANT) == 0 &&
|
||||
isDilithium = wc_dilithium_set_level(dilithium, 3) == 0 &&
|
||||
wc_dilithium_import_public(mem, (word32)memSz,
|
||||
dilithium) == 0;
|
||||
}
|
||||
if (!isDilithium) {
|
||||
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 5,
|
||||
SHAKE_VARIANT) == 0 &&
|
||||
wc_dilithium_import_public(mem, (word32)memSz,
|
||||
dilithium) == 0;
|
||||
}
|
||||
if (!isDilithium) {
|
||||
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 2,
|
||||
AES_VARIANT) == 0 &&
|
||||
wc_dilithium_import_public(mem, (word32)memSz,
|
||||
dilithium) == 0;
|
||||
}
|
||||
if (!isDilithium) {
|
||||
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 3,
|
||||
AES_VARIANT) == 0 &&
|
||||
wc_dilithium_import_public(mem, (word32)memSz,
|
||||
dilithium) == 0;
|
||||
}
|
||||
if (!isDilithium) {
|
||||
isDilithium = wc_dilithium_set_level_and_sym(dilithium, 5,
|
||||
AES_VARIANT) == 0 &&
|
||||
isDilithium = wc_dilithium_set_level(dilithium, 5) == 0 &&
|
||||
wc_dilithium_import_public(mem, (word32)memSz,
|
||||
dilithium) == 0;
|
||||
}
|
||||
@ -26782,12 +26695,6 @@ const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
|
||||
"Dilithium Level 3", "Dilithium Level 3"},
|
||||
{ CTC_DILITHIUM_LEVEL5, DILITHIUM_LEVEL5k, oidKeyType,
|
||||
"Dilithium Level 5", "Dilithium Level 5"},
|
||||
{ CTC_DILITHIUM_AES_LEVEL2, DILITHIUM_AES_LEVEL2k, oidKeyType,
|
||||
"Dilithium AES Level 2", "Dilithium AES Level 2"},
|
||||
{ CTC_DILITHIUM_AES_LEVEL3, DILITHIUM_AES_LEVEL3k, oidKeyType,
|
||||
"Dilithium AES Level 3", "Dilithium AES Level 3"},
|
||||
{ CTC_DILITHIUM_AES_LEVEL5, DILITHIUM_AES_LEVEL5k, oidKeyType,
|
||||
"Dilithium AES Level 5", "Dilithium AES Level 5"},
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* HAVE_PQC */
|
||||
|
||||
@ -28435,9 +28342,6 @@ struct WOLFSSL_HashSigInfo {
|
||||
{ no_mac, dilithium_level2_sa_algo, CTC_DILITHIUM_LEVEL2 },
|
||||
{ no_mac, dilithium_level3_sa_algo, CTC_DILITHIUM_LEVEL3 },
|
||||
{ no_mac, dilithium_level5_sa_algo, CTC_DILITHIUM_LEVEL5 },
|
||||
{ no_mac, dilithium_aes_level2_sa_algo, CTC_DILITHIUM_AES_LEVEL2 },
|
||||
{ no_mac, dilithium_aes_level3_sa_algo, CTC_DILITHIUM_AES_LEVEL3 },
|
||||
{ no_mac, dilithium_aes_level5_sa_algo, CTC_DILITHIUM_AES_LEVEL5 },
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#endif /* HAVE_PQC */
|
||||
#ifndef NO_DSA
|
||||
|
57
src/tls13.c
57
src/tls13.c
@ -6771,18 +6771,6 @@ static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)
|
||||
output[0] = DILITHIUM_LEVEL5_SA_MAJOR;
|
||||
output[1] = DILITHIUM_LEVEL5_SA_MINOR;
|
||||
break;
|
||||
case dilithium_aes_level2_sa_algo:
|
||||
output[0] = DILITHIUM_AES_LEVEL2_SA_MAJOR;
|
||||
output[1] = DILITHIUM_AES_LEVEL2_SA_MINOR;
|
||||
break;
|
||||
case dilithium_aes_level3_sa_algo:
|
||||
output[0] = DILITHIUM_AES_LEVEL3_SA_MAJOR;
|
||||
output[1] = DILITHIUM_AES_LEVEL3_SA_MINOR;
|
||||
break;
|
||||
case dilithium_aes_level5_sa_algo:
|
||||
output[0] = DILITHIUM_AES_LEVEL5_SA_MAJOR;
|
||||
output[1] = DILITHIUM_AES_LEVEL5_SA_MINOR;
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
default:
|
||||
@ -6855,18 +6843,6 @@ static WC_INLINE int DecodeTls13SigAlg(byte* input, byte* hashAlgo,
|
||||
*hsType = dilithium_level5_sa_algo;
|
||||
/* Hash performed as part of sign/verify operation. */
|
||||
*hashAlgo = sha512_mac;
|
||||
} else if (input[1] == DILITHIUM_AES_LEVEL2_SA_MINOR) {
|
||||
*hsType = dilithium_aes_level2_sa_algo;
|
||||
/* Hash performed as part of sign/verify operation. */
|
||||
*hashAlgo = sha512_mac;
|
||||
} else if (input[1] == DILITHIUM_AES_LEVEL3_SA_MINOR) {
|
||||
*hsType = dilithium_aes_level3_sa_algo;
|
||||
/* Hash performed as part of sign/verify operation. */
|
||||
*hashAlgo = sha512_mac;
|
||||
} else if (input[1] == DILITHIUM_AES_LEVEL5_SA_MINOR) {
|
||||
*hsType = dilithium_aes_level5_sa_algo;
|
||||
/* Hash performed as part of sign/verify operation. */
|
||||
*hashAlgo = sha512_mac;
|
||||
}
|
||||
else
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
@ -7730,28 +7706,18 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
|
||||
else if (ssl->hsType == DYNAMIC_TYPE_DILITHIUM) {
|
||||
dilithium_key* fkey = (dilithium_key*)ssl->hsKey;
|
||||
byte level = 0;
|
||||
byte sym = 0;
|
||||
if (wc_dilithium_get_level_and_sym(fkey, &level, &sym) != 0) {
|
||||
if (wc_dilithium_get_level(fkey, &level) != 0) {
|
||||
ERROR_OUT(ALGO_ID_E, exit_scv);
|
||||
}
|
||||
if ((level == 2) && (sym == SHAKE_VARIANT)) {
|
||||
if (level == 2) {
|
||||
args->sigAlgo = dilithium_level2_sa_algo;
|
||||
}
|
||||
else if ((level == 3) && (sym == SHAKE_VARIANT)) {
|
||||
else if (level == 3) {
|
||||
args->sigAlgo = dilithium_level3_sa_algo;
|
||||
}
|
||||
else if ((level == 5) && (sym == SHAKE_VARIANT)) {
|
||||
else if (level == 5) {
|
||||
args->sigAlgo = dilithium_level5_sa_algo;
|
||||
}
|
||||
else if ((level == 2) && (sym == AES_VARIANT)) {
|
||||
args->sigAlgo = dilithium_aes_level2_sa_algo;
|
||||
}
|
||||
else if ((level == 3) && (sym == AES_VARIANT)) {
|
||||
args->sigAlgo = dilithium_aes_level3_sa_algo;
|
||||
}
|
||||
else if ((level == 5) && (sym == AES_VARIANT)) {
|
||||
args->sigAlgo = dilithium_aes_level5_sa_algo;
|
||||
}
|
||||
else {
|
||||
ERROR_OUT(ALGO_ID_E, exit_scv);
|
||||
}
|
||||
@ -8322,21 +8288,6 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
|
||||
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
|
||||
ssl->peerDilithiumKeyPresent;
|
||||
}
|
||||
if (args->sigAlgo == dilithium_aes_level2_sa_algo) {
|
||||
WOLFSSL_MSG("Peer sent Dilithium AES Level 2 sig");
|
||||
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
|
||||
ssl->peerDilithiumKeyPresent;
|
||||
}
|
||||
if (args->sigAlgo == dilithium_aes_level3_sa_algo) {
|
||||
WOLFSSL_MSG("Peer sent Dilithium AES Level 3 sig");
|
||||
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
|
||||
ssl->peerDilithiumKeyPresent;
|
||||
}
|
||||
if (args->sigAlgo == dilithium_aes_level5_sa_algo) {
|
||||
WOLFSSL_MSG("Peer sent Dilithium AES Level 5 sig");
|
||||
validSigAlgo = (ssl->peerDilithiumKey != NULL) &&
|
||||
ssl->peerDilithiumKeyPresent;
|
||||
}
|
||||
#endif
|
||||
#ifndef NO_RSA
|
||||
if (args->sigAlgo == rsa_sa_algo) {
|
||||
|
@ -483,9 +483,6 @@
|
||||
#define BENCH_DILITHIUM_LEVEL2_SIGN 0x04000000
|
||||
#define BENCH_DILITHIUM_LEVEL3_SIGN 0x08000000
|
||||
#define BENCH_DILITHIUM_LEVEL5_SIGN 0x10000000
|
||||
#define BENCH_DILITHIUM_AES_LEVEL2_SIGN 0x20000000
|
||||
#define BENCH_DILITHIUM_AES_LEVEL3_SIGN 0x40000000
|
||||
#define BENCH_DILITHIUM_AES_LEVEL5_SIGN 0x80000000
|
||||
|
||||
/* Post-Quantum Asymmetric algorithms. (Part 2) */
|
||||
#define BENCH_SPHINCS_FAST_LEVEL1_SIGN 0x00000001
|
||||
@ -798,12 +795,6 @@ static const bench_pq_alg bench_pq_asym_opt[] = {
|
||||
OQS_SIG_alg_dilithium_3 },
|
||||
{ "-dilithium_level5", BENCH_DILITHIUM_LEVEL5_SIGN,
|
||||
OQS_SIG_alg_dilithium_5 },
|
||||
{ "-dilithium_aes_level2", BENCH_DILITHIUM_AES_LEVEL2_SIGN,
|
||||
OQS_SIG_alg_dilithium_2_aes },
|
||||
{ "-dilithium_aes_level3", BENCH_DILITHIUM_AES_LEVEL3_SIGN,
|
||||
OQS_SIG_alg_dilithium_3_aes },
|
||||
{ "-dilithium_aes_level5", BENCH_DILITHIUM_AES_LEVEL5_SIGN,
|
||||
OQS_SIG_alg_dilithium_5_aes },
|
||||
{ "-kyber_level1-kg", BENCH_KYBER_LEVEL1_KEYGEN,
|
||||
OQS_KEM_alg_kyber_512 },
|
||||
{ "-kyber_level1-ed", BENCH_KYBER_LEVEL1_ENCAP,
|
||||
@ -2919,17 +2910,11 @@ static void* benchmarks_do(void* args)
|
||||
#endif
|
||||
#ifdef HAVE_DILITHIUM
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL2_SIGN))
|
||||
bench_dilithiumKeySign(2, SHAKE_VARIANT);
|
||||
bench_dilithiumKeySign(2);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL3_SIGN))
|
||||
bench_dilithiumKeySign(3, SHAKE_VARIANT);
|
||||
bench_dilithiumKeySign(3);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL5_SIGN))
|
||||
bench_dilithiumKeySign(5, SHAKE_VARIANT);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_AES_LEVEL2_SIGN))
|
||||
bench_dilithiumKeySign(2, AES_VARIANT);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_AES_LEVEL3_SIGN))
|
||||
bench_dilithiumKeySign(3, AES_VARIANT);
|
||||
if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_AES_LEVEL5_SIGN))
|
||||
bench_dilithiumKeySign(5, AES_VARIANT);
|
||||
bench_dilithiumKeySign(5);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SPHINCS
|
||||
@ -8393,7 +8378,7 @@ void bench_falconKeySign(byte level)
|
||||
#endif /* HAVE_FALCON */
|
||||
|
||||
#ifdef HAVE_DILITHIUM
|
||||
void bench_dilithiumKeySign(byte level, byte sym)
|
||||
void bench_dilithiumKeySign(byte level)
|
||||
{
|
||||
int ret = 0;
|
||||
dilithium_key key;
|
||||
@ -8410,40 +8395,25 @@ void bench_dilithiumKeySign(byte level, byte sym)
|
||||
return;
|
||||
}
|
||||
|
||||
ret = wc_dilithium_set_level_and_sym(&key, level, sym);
|
||||
ret = wc_dilithium_set_level(&key, level);
|
||||
if (ret != 0) {
|
||||
printf("wc_dilithium_set_level_and_sym() failed %d\n", ret);
|
||||
printf("wc_dilithium_set_level() failed %d\n", ret);
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
ret = -1;
|
||||
if ((level == 2) && (sym == SHAKE_VARIANT)) {
|
||||
if (level == 2) {
|
||||
ret = wc_dilithium_import_private_key(bench_dilithium_level2_key,
|
||||
sizeof_bench_dilithium_level2_key, NULL, 0, &key);
|
||||
}
|
||||
else if ((level == 3) && (sym == SHAKE_VARIANT)) {
|
||||
else if (level == 3) {
|
||||
ret = wc_dilithium_import_private_key(bench_dilithium_level3_key,
|
||||
sizeof_bench_dilithium_level3_key, NULL, 0, &key);
|
||||
}
|
||||
else if ((level == 5) && (sym == SHAKE_VARIANT)) {
|
||||
else if (level == 5) {
|
||||
ret = wc_dilithium_import_private_key(bench_dilithium_level5_key,
|
||||
sizeof_bench_dilithium_level5_key, NULL, 0, &key);
|
||||
}
|
||||
else if ((level == 2) && (sym == AES_VARIANT)) {
|
||||
ret = wc_dilithium_import_private_key(
|
||||
bench_dilithium_aes_level2_key,
|
||||
sizeof_bench_dilithium_level2_key, NULL, 0, &key);
|
||||
}
|
||||
else if ((level == 3) && (sym == AES_VARIANT)) {
|
||||
ret = wc_dilithium_import_private_key(
|
||||
bench_dilithium_aes_level3_key,
|
||||
sizeof_bench_dilithium_level3_key, NULL, 0, &key);
|
||||
}
|
||||
else if ((level == 5) && (sym == AES_VARIANT)) {
|
||||
ret = wc_dilithium_import_private_key(
|
||||
bench_dilithium_aes_level5_key,
|
||||
sizeof_bench_dilithium_level5_key, NULL, 0, &key);
|
||||
}
|
||||
|
||||
if (ret != 0) {
|
||||
printf("wc_dilithium_import_private_key failed %d\n", ret);
|
||||
@ -8479,14 +8449,8 @@ void bench_dilithiumKeySign(byte level, byte sym)
|
||||
} while (bench_stats_check(start));
|
||||
|
||||
if (ret == 0) {
|
||||
if (sym == SHAKE_VARIANT) {
|
||||
bench_stats_asym_finish("DILITHIUM", level, desc[4], 0, count,
|
||||
start, ret);
|
||||
}
|
||||
else {
|
||||
bench_stats_asym_finish("DILITHIUM-AES", level, desc[4], 0, count,
|
||||
start, ret);
|
||||
}
|
||||
bench_stats_asym_finish("DILITHIUM", level, desc[4], 0, count, start,
|
||||
ret);
|
||||
}
|
||||
|
||||
bench_stats_start(&count, &start);
|
||||
@ -8508,14 +8472,8 @@ void bench_dilithiumKeySign(byte level, byte sym)
|
||||
} while (bench_stats_check(start));
|
||||
|
||||
if (ret == 0) {
|
||||
if (sym == SHAKE_VARIANT) {
|
||||
bench_stats_asym_finish("DILITHIUM", level, desc[5], 0, count,
|
||||
start, ret);
|
||||
}
|
||||
else {
|
||||
bench_stats_asym_finish("DILITHIUM-AES", level, desc[5], 0, count,
|
||||
start, ret);
|
||||
}
|
||||
bench_stats_asym_finish("DILITHIUM", level, desc[5], 0, count, start,
|
||||
ret);
|
||||
}
|
||||
|
||||
wc_dilithium_free(&key);
|
||||
|
@ -114,7 +114,7 @@ void bench_blake2b(void);
|
||||
void bench_blake2s(void);
|
||||
void bench_pbkdf2(void);
|
||||
void bench_falconKeySign(byte level);
|
||||
void bench_dilithiumKeySign(byte level, byte sym);
|
||||
void bench_dilithiumKeySign(byte level);
|
||||
void bench_sphincsKeySign(byte level, byte optim);
|
||||
void bench_pqcKemKeygen(word32 alg);
|
||||
void bench_pqcKemEncapDecap(word32 alg);
|
||||
|
@ -4010,18 +4010,6 @@ static word32 SetBitString16Bit(word16 val, byte* output)
|
||||
/* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
|
||||
static const byte sigDilithium_Level5Oid[] =
|
||||
{43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
|
||||
|
||||
/* Dilithium AES Level 2: 1.3.6.1.4.1.2.267.11.4.4 */
|
||||
static const byte sigDilithiumAes_Level2Oid[] =
|
||||
{43, 6, 1, 4, 1, 2, 130, 11, 11, 4, 4};
|
||||
|
||||
/* Dilithium AES Level 3: 1.3.6.1.4.1.2.267.11.6.5 */
|
||||
static const byte sigDilithiumAes_Level3Oid[] =
|
||||
{43, 6, 1, 4, 1, 2, 130, 11, 11, 6, 5};
|
||||
|
||||
/* Dilithium AES Level 5: 1.3.6.1.4.1.2.267.11.8.7 */
|
||||
static const byte sigDilithiumAes_Level5Oid[] =
|
||||
{43, 6, 1, 4, 1, 2, 130, 11, 11, 8, 7};
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef HAVE_SPHINCS
|
||||
/* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
|
||||
@ -4098,18 +4086,6 @@ static word32 SetBitString16Bit(word16 val, byte* output)
|
||||
/* Dilithium Level 5: 1.3.6.1.4.1.2.267.7.8.7 */
|
||||
static const byte keyDilithium_Level5Oid[] =
|
||||
{43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7};
|
||||
|
||||
/* Dilithium AES Level 2: 1.3.6.1.4.1.2.267.11.4.4 */
|
||||
static const byte keyDilithiumAes_Level2Oid[] =
|
||||
{43, 6, 1, 4, 1, 2, 130, 11, 11, 4, 4};
|
||||
|
||||
/* Dilithium AES Level 3: 1.3.6.1.4.1.2.267.11.6.5 */
|
||||
static const byte keyDilithiumAes_Level3Oid[] =
|
||||
{43, 6, 1, 4, 1, 2, 130, 11, 11, 6, 5};
|
||||
|
||||
/* Dilithium AES Level 5: 1.3.6.1.4.1.2.267.11.8.7 */
|
||||
static const byte keyDilithiumAes_Level5Oid[] =
|
||||
{43, 6, 1, 4, 1, 2, 130, 11, 11, 8, 7};
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef HAVE_SPHINCS
|
||||
/* Sphincs Fast Level 1: 1 3 9999 6 7 4 */
|
||||
@ -4657,18 +4633,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
|
||||
oid = sigDilithium_Level5Oid;
|
||||
*oidSz = sizeof(sigDilithium_Level5Oid);
|
||||
break;
|
||||
case CTC_DILITHIUM_AES_LEVEL2:
|
||||
oid = sigDilithiumAes_Level2Oid;
|
||||
*oidSz = sizeof(sigDilithiumAes_Level2Oid);
|
||||
break;
|
||||
case CTC_DILITHIUM_AES_LEVEL3:
|
||||
oid = sigDilithiumAes_Level3Oid;
|
||||
*oidSz = sizeof(sigDilithiumAes_Level3Oid);
|
||||
break;
|
||||
case CTC_DILITHIUM_AES_LEVEL5:
|
||||
oid = sigDilithiumAes_Level5Oid;
|
||||
*oidSz = sizeof(sigDilithiumAes_Level5Oid);
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef HAVE_SPHINCS
|
||||
case CTC_SPHINCS_FAST_LEVEL1:
|
||||
@ -4782,18 +4746,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
|
||||
oid = keyDilithium_Level5Oid;
|
||||
*oidSz = sizeof(keyDilithium_Level5Oid);
|
||||
break;
|
||||
case DILITHIUM_AES_LEVEL2k:
|
||||
oid = keyDilithiumAes_Level2Oid;
|
||||
*oidSz = sizeof(keyDilithiumAes_Level2Oid);
|
||||
break;
|
||||
case DILITHIUM_AES_LEVEL3k:
|
||||
oid = keyDilithiumAes_Level3Oid;
|
||||
*oidSz = sizeof(keyDilithiumAes_Level3Oid);
|
||||
break;
|
||||
case DILITHIUM_AES_LEVEL5k:
|
||||
oid = keyDilithiumAes_Level5Oid;
|
||||
*oidSz = sizeof(keyDilithiumAes_Level5Oid);
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef HAVE_SPHINCS
|
||||
case SPHINCS_FAST_LEVEL1k:
|
||||
@ -5703,32 +5655,15 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid,
|
||||
|
||||
#if defined(HAVE_PQC) && defined(HAVE_LIBOQS)
|
||||
/* Since we are summing it up, there could be collisions...and indeed there
|
||||
* are:
|
||||
* are: SPHINCS_FAST_LEVEL1 and SPHINCS_FAST_LEVEL3.
|
||||
*
|
||||
* DILITHIUM_LEVEL5
|
||||
* 1.3.6.1.4.1.2.267.7.6.7
|
||||
* {43, 6, 1, 4, 1, 2, 130, 11, 7, 8, 7}
|
||||
* -> 220
|
||||
* DILITHIUM_AES_LEVEL3
|
||||
* 1.3.6.1.4.1.2.267.11.4.5
|
||||
* {43, 6, 1, 4, 1, 2, 130, 11, 11, 6, 5}
|
||||
* -> 220
|
||||
*
|
||||
* As a small hack, we're going to look for the special case of
|
||||
* DILITHIUM_AES_LEVEL3k and if we find it, instead of *oid being set to 220
|
||||
* we will set it to 221. Note that DILITHIUM_AES_LEVEL3k is defined as 221.
|
||||
*
|
||||
* Same thing for SPHINCS_FAST_LEVEL1 and SPHINCS_FAST_LEVEL3. We will look
|
||||
* for the special case of SPHINCS_FAST_LEVEL3 and set *oid to 283 instead
|
||||
* of 281; 282 is taken.
|
||||
* We will look for the special case of SPHINCS_FAST_LEVEL3 and set *oid to
|
||||
* 283 instead of 281; 282 is taken.
|
||||
*
|
||||
* These hacks will hopefully disappear when new standardized OIDs appear.
|
||||
*/
|
||||
if (memcmp(&input[idx], sigDilithiumAes_Level3Oid,
|
||||
sizeof(sigDilithiumAes_Level3Oid)) == 0) {
|
||||
found_collision = DILITHIUM_AES_LEVEL3k;
|
||||
} else if (memcmp(&input[idx], sigSphincsFast_Level3Oid,
|
||||
sizeof(sigSphincsFast_Level3Oid)) == 0) {
|
||||
if (memcmp(&input[idx], sigSphincsFast_Level3Oid,
|
||||
sizeof(sigSphincsFast_Level3Oid)) == 0) {
|
||||
found_collision = SPHINCS_FAST_LEVEL3k;
|
||||
}
|
||||
#endif /* HAVE_PQC */
|
||||
@ -7362,10 +7297,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
if ((ks == DILITHIUM_LEVEL2k) ||
|
||||
(ks == DILITHIUM_LEVEL3k) ||
|
||||
(ks == DILITHIUM_LEVEL5k) ||
|
||||
(ks == DILITHIUM_AES_LEVEL2k) ||
|
||||
(ks == DILITHIUM_AES_LEVEL3k) ||
|
||||
(ks == DILITHIUM_AES_LEVEL5k)) {
|
||||
(ks == DILITHIUM_LEVEL5k)) {
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
dilithium_key* key_pair = NULL;
|
||||
#else
|
||||
@ -7388,22 +7320,13 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
|
||||
}
|
||||
|
||||
if (ks == DILITHIUM_LEVEL2k) {
|
||||
ret = wc_dilithium_set_level_and_sym(key_pair, 2, SHAKE_VARIANT);
|
||||
ret = wc_dilithium_set_level(key_pair, 2);
|
||||
}
|
||||
else if (ks == DILITHIUM_LEVEL3k) {
|
||||
ret = wc_dilithium_set_level_and_sym(key_pair, 3, SHAKE_VARIANT);
|
||||
ret = wc_dilithium_set_level(key_pair, 3);
|
||||
}
|
||||
else if (ks == DILITHIUM_LEVEL5k) {
|
||||
ret = wc_dilithium_set_level_and_sym(key_pair, 5, SHAKE_VARIANT);
|
||||
}
|
||||
else if (ks == DILITHIUM_AES_LEVEL2k) {
|
||||
ret = wc_dilithium_set_level_and_sym(key_pair, 2, AES_VARIANT);
|
||||
}
|
||||
else if (ks == DILITHIUM_AES_LEVEL3k) {
|
||||
ret = wc_dilithium_set_level_and_sym(key_pair, 3, AES_VARIANT);
|
||||
}
|
||||
else if (ks == DILITHIUM_AES_LEVEL5k) {
|
||||
ret = wc_dilithium_set_level_and_sym(key_pair, 5, AES_VARIANT);
|
||||
ret = wc_dilithium_set_level(key_pair, 5);
|
||||
}
|
||||
|
||||
if (ret < 0) {
|
||||
@ -7849,7 +7772,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
|
||||
if (wc_dilithium_init(dilithium) != 0) {
|
||||
tmpIdx = 0;
|
||||
if (wc_dilithium_set_level_and_sym(dilithium, 2, SHAKE_VARIANT)
|
||||
if (wc_dilithium_set_level(dilithium, 2)
|
||||
== 0) {
|
||||
if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
|
||||
keySz) == 0) {
|
||||
@ -7859,7 +7782,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
WOLFSSL_MSG("Not Dilithium Level 2 DER key");
|
||||
}
|
||||
}
|
||||
else if (wc_dilithium_set_level_and_sym(dilithium, 3, SHAKE_VARIANT)
|
||||
else if (wc_dilithium_set_level(dilithium, 3)
|
||||
== 0) {
|
||||
if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
|
||||
keySz) == 0) {
|
||||
@ -7869,7 +7792,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
WOLFSSL_MSG("Not Dilithium Level 3 DER key");
|
||||
}
|
||||
}
|
||||
else if (wc_dilithium_set_level_and_sym(dilithium, 5, SHAKE_VARIANT)
|
||||
else if (wc_dilithium_set_level(dilithium, 5)
|
||||
== 0) {
|
||||
if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
|
||||
keySz) == 0) {
|
||||
@ -7879,36 +7802,6 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
|
||||
WOLFSSL_MSG("Not Dilithium Level 5 DER key");
|
||||
}
|
||||
}
|
||||
else if (wc_dilithium_set_level_and_sym(dilithium, 2, AES_VARIANT)
|
||||
== 0) {
|
||||
if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
|
||||
keySz) == 0) {
|
||||
*algoID = DILITHIUM_AES_LEVEL2k;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Not Dilithium AES Level 2 DER key");
|
||||
}
|
||||
}
|
||||
else if (wc_dilithium_set_level_and_sym(dilithium, 3, AES_VARIANT)
|
||||
== 0) {
|
||||
if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
|
||||
keySz) == 0) {
|
||||
*algoID = DILITHIUM_AES_LEVEL3k;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Not Dilithium AES Level 3 DER key");
|
||||
}
|
||||
}
|
||||
else if (wc_dilithium_set_level_and_sym(dilithium, 5, AES_VARIANT)
|
||||
== 0) {
|
||||
if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium,
|
||||
keySz) == 0) {
|
||||
*algoID = DILITHIUM_AES_LEVEL5k;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("Not Dilithium AES Level 5 DER key");
|
||||
}
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("GetKeyOID dilithium initialization failed");
|
||||
}
|
||||
@ -11812,18 +11705,6 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx,
|
||||
cert->pkCurveOID = DILITHIUM_LEVEL5k;
|
||||
ret = StoreKey(cert, source, &srcIdx, maxIdx);
|
||||
break;
|
||||
case DILITHIUM_AES_LEVEL2k:
|
||||
cert->pkCurveOID = DILITHIUM_AES_LEVEL2k;
|
||||
ret = StoreKey(cert, source, &srcIdx, maxIdx);
|
||||
break;
|
||||
case DILITHIUM_AES_LEVEL3k:
|
||||
cert->pkCurveOID = DILITHIUM_AES_LEVEL3k;
|
||||
ret = StoreKey(cert, source, &srcIdx, maxIdx);
|
||||
break;
|
||||
case DILITHIUM_AES_LEVEL5k:
|
||||
cert->pkCurveOID = DILITHIUM_AES_LEVEL5k;
|
||||
ret = StoreKey(cert, source, &srcIdx, maxIdx);
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef HAVE_SPHINCS
|
||||
case SPHINCS_FAST_LEVEL1k:
|
||||
@ -14827,9 +14708,6 @@ static WC_INLINE int IsSigAlgoECC(int algoOID)
|
||||
|| (algoOID == DILITHIUM_LEVEL2k)
|
||||
|| (algoOID == DILITHIUM_LEVEL3k)
|
||||
|| (algoOID == DILITHIUM_LEVEL5k)
|
||||
|| (algoOID == DILITHIUM_AES_LEVEL2k)
|
||||
|| (algoOID == DILITHIUM_AES_LEVEL3k)
|
||||
|| (algoOID == DILITHIUM_AES_LEVEL5k)
|
||||
#endif
|
||||
#ifdef HAVE_SPHINCS
|
||||
|| (algoOID == SPHINCS_FAST_LEVEL1k)
|
||||
@ -15150,9 +15028,6 @@ void FreeSignatureCtx(SignatureCtx* sigCtx)
|
||||
case DILITHIUM_LEVEL2k:
|
||||
case DILITHIUM_LEVEL3k:
|
||||
case DILITHIUM_LEVEL5k:
|
||||
case DILITHIUM_AES_LEVEL2k:
|
||||
case DILITHIUM_AES_LEVEL3k:
|
||||
case DILITHIUM_AES_LEVEL5k:
|
||||
wc_dilithium_free(sigCtx->key.dilithium);
|
||||
XFREE(sigCtx->key.dilithium, sigCtx->heap,
|
||||
DYNAMIC_TYPE_DILITHIUM);
|
||||
@ -15321,9 +15196,6 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID,
|
||||
case CTC_DILITHIUM_LEVEL2:
|
||||
case CTC_DILITHIUM_LEVEL3:
|
||||
case CTC_DILITHIUM_LEVEL5:
|
||||
case CTC_DILITHIUM_AES_LEVEL2:
|
||||
case CTC_DILITHIUM_AES_LEVEL3:
|
||||
case CTC_DILITHIUM_AES_LEVEL5:
|
||||
/* Hashes done in signing operation. */
|
||||
break;
|
||||
#endif
|
||||
@ -15768,8 +15640,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
|
||||
goto exit_cs;
|
||||
}
|
||||
if ((ret = wc_dilithium_set_level_and_sym(
|
||||
sigCtx->key.dilithium, 2, SHAKE_VARIANT))
|
||||
if ((ret = wc_dilithium_set_level(
|
||||
sigCtx->key.dilithium, 2))
|
||||
< 0) {
|
||||
goto exit_cs;
|
||||
}
|
||||
@ -15793,8 +15665,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
|
||||
goto exit_cs;
|
||||
}
|
||||
if ((ret = wc_dilithium_set_level_and_sym(
|
||||
sigCtx->key.dilithium, 3, SHAKE_VARIANT))
|
||||
if ((ret = wc_dilithium_set_level(
|
||||
sigCtx->key.dilithium, 3))
|
||||
< 0) {
|
||||
goto exit_cs;
|
||||
}
|
||||
@ -15818,83 +15690,8 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
|
||||
goto exit_cs;
|
||||
}
|
||||
if ((ret = wc_dilithium_set_level_and_sym(
|
||||
sigCtx->key.dilithium, 5, SHAKE_VARIANT))
|
||||
< 0) {
|
||||
goto exit_cs;
|
||||
}
|
||||
if ((ret = wc_dilithium_import_public(key, keySz,
|
||||
sigCtx->key.dilithium)) < 0) {
|
||||
WOLFSSL_MSG("ASN Key import error Dilithium Level 5");
|
||||
goto exit_cs;
|
||||
}
|
||||
break;
|
||||
}
|
||||
case DILITHIUM_AES_LEVEL2k:
|
||||
{
|
||||
sigCtx->verify = 0;
|
||||
sigCtx->key.dilithium =
|
||||
(dilithium_key*)XMALLOC(sizeof(dilithium_key),
|
||||
sigCtx->heap,
|
||||
DYNAMIC_TYPE_DILITHIUM);
|
||||
if (sigCtx->key.dilithium == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_cs);
|
||||
}
|
||||
if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
|
||||
goto exit_cs;
|
||||
}
|
||||
if ((ret = wc_dilithium_set_level_and_sym(
|
||||
sigCtx->key.dilithium, 2, AES_VARIANT))
|
||||
< 0) {
|
||||
goto exit_cs;
|
||||
}
|
||||
if ((ret = wc_dilithium_import_public(key, keySz,
|
||||
sigCtx->key.dilithium)) < 0) {
|
||||
WOLFSSL_MSG("ASN Key import error Dilithium Level 2");
|
||||
goto exit_cs;
|
||||
}
|
||||
break;
|
||||
}
|
||||
case DILITHIUM_AES_LEVEL3k:
|
||||
{
|
||||
sigCtx->verify = 0;
|
||||
sigCtx->key.dilithium =
|
||||
(dilithium_key*)XMALLOC(sizeof(dilithium_key),
|
||||
sigCtx->heap,
|
||||
DYNAMIC_TYPE_DILITHIUM);
|
||||
if (sigCtx->key.dilithium == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_cs);
|
||||
}
|
||||
if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
|
||||
goto exit_cs;
|
||||
}
|
||||
if ((ret = wc_dilithium_set_level_and_sym(
|
||||
sigCtx->key.dilithium, 3, AES_VARIANT))
|
||||
< 0) {
|
||||
goto exit_cs;
|
||||
}
|
||||
if ((ret = wc_dilithium_import_public(key, keySz,
|
||||
sigCtx->key.dilithium)) < 0) {
|
||||
WOLFSSL_MSG("ASN Key import error Dilithium Level 5");
|
||||
goto exit_cs;
|
||||
}
|
||||
break;
|
||||
}
|
||||
case DILITHIUM_AES_LEVEL5k:
|
||||
{
|
||||
sigCtx->verify = 0;
|
||||
sigCtx->key.dilithium =
|
||||
(dilithium_key*)XMALLOC(sizeof(dilithium_key),
|
||||
sigCtx->heap,
|
||||
DYNAMIC_TYPE_DILITHIUM);
|
||||
if (sigCtx->key.dilithium == NULL) {
|
||||
ERROR_OUT(MEMORY_E, exit_cs);
|
||||
}
|
||||
if ((ret = wc_dilithium_init(sigCtx->key.dilithium)) < 0) {
|
||||
goto exit_cs;
|
||||
}
|
||||
if ((ret = wc_dilithium_set_level_and_sym(
|
||||
sigCtx->key.dilithium, 5, AES_VARIANT))
|
||||
if ((ret = wc_dilithium_set_level(
|
||||
sigCtx->key.dilithium, 5))
|
||||
< 0) {
|
||||
goto exit_cs;
|
||||
}
|
||||
@ -16187,9 +15984,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
case DILITHIUM_LEVEL2k:
|
||||
case DILITHIUM_LEVEL3k:
|
||||
case DILITHIUM_LEVEL5k:
|
||||
case DILITHIUM_AES_LEVEL2k:
|
||||
case DILITHIUM_AES_LEVEL3k:
|
||||
case DILITHIUM_AES_LEVEL5k:
|
||||
{
|
||||
ret = wc_dilithium_verify_msg(sig, sigSz, buf, bufSz,
|
||||
&sigCtx->verify,
|
||||
@ -16420,39 +16214,6 @@ static int ConfirmSignature(SignatureCtx* sigCtx,
|
||||
}
|
||||
break;
|
||||
}
|
||||
case DILITHIUM_AES_LEVEL2k:
|
||||
{
|
||||
if (sigCtx->verify == 1) {
|
||||
ret = 0;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("DILITHIUM_AES_LEVEL2 Verify didn't match");
|
||||
ret = ASN_SIG_CONFIRM_E;
|
||||
}
|
||||
break;
|
||||
}
|
||||
case DILITHIUM_AES_LEVEL3k:
|
||||
{
|
||||
if (sigCtx->verify == 1) {
|
||||
ret = 0;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("DILITHIUM_AES_LEVEL3 Verify didn't match");
|
||||
ret = ASN_SIG_CONFIRM_E;
|
||||
}
|
||||
break;
|
||||
}
|
||||
case DILITHIUM_AES_LEVEL5k:
|
||||
{
|
||||
if (sigCtx->verify == 1) {
|
||||
ret = 0;
|
||||
}
|
||||
else {
|
||||
WOLFSSL_MSG("DILITHIUM_AES_LEVEL5 Verify didn't match");
|
||||
ret = ASN_SIG_CONFIRM_E;
|
||||
}
|
||||
break;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef HAVE_SPHINCS
|
||||
case SPHINCS_FAST_LEVEL1k:
|
||||
@ -22561,13 +22322,6 @@ wcchar END_PUB_KEY = "-----END PUBLIC KEY-----";
|
||||
wcchar END_DILITHIUM_LEVEL3_PRIV = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----";
|
||||
wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----";
|
||||
wcchar END_DILITHIUM_LEVEL5_PRIV = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----";
|
||||
|
||||
wcchar BEGIN_DILITHIUM_AES_LEVEL2_PRIV = "-----BEGIN DILITHIUM_AES_LEVEL2 PRIVATE KEY-----";
|
||||
wcchar END_DILITHIUM_AES_LEVEL2_PRIV = "-----END DILITHIUM_AES_LEVEL2 PRIVATE KEY-----";
|
||||
wcchar BEGIN_DILITHIUM_AES_LEVEL3_PRIV = "-----BEGIN DILITHIUM_AES_LEVEL3 PRIVATE KEY-----";
|
||||
wcchar END_DILITHIUM_AES_LEVEL3_PRIV = "-----END DILITHIUM_AES_LEVEL3 PRIVATE KEY-----";
|
||||
wcchar BEGIN_DILITHIUM_AES_LEVEL5_PRIV = "-----BEGIN DILITHIUM_AES_LEVEL5 PRIVATE KEY-----";
|
||||
wcchar END_DILITHIUM_AES_LEVEL5_PRIV = "-----END DILITHIUM_AES_LEVEL5 PRIVATE KEY-----";
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#if defined(HAVE_SPHINCS)
|
||||
wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----";
|
||||
@ -22708,21 +22462,6 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
|
||||
if (footer) *footer = END_DILITHIUM_LEVEL5_PRIV;
|
||||
ret = 0;
|
||||
break;
|
||||
case DILITHIUM_AES_LEVEL2_TYPE:
|
||||
if (header) *header = BEGIN_DILITHIUM_AES_LEVEL2_PRIV;
|
||||
if (footer) *footer = END_DILITHIUM_AES_LEVEL2_PRIV;
|
||||
ret = 0;
|
||||
break;
|
||||
case DILITHIUM_AES_LEVEL3_TYPE:
|
||||
if (header) *header = BEGIN_DILITHIUM_AES_LEVEL3_PRIV;
|
||||
if (footer) *footer = END_DILITHIUM_AES_LEVEL3_PRIV;
|
||||
ret = 0;
|
||||
break;
|
||||
case DILITHIUM_AES_LEVEL5_TYPE:
|
||||
if (header) *header = BEGIN_DILITHIUM_AES_LEVEL5_PRIV;
|
||||
if (footer) *footer = END_DILITHIUM_AES_LEVEL5_PRIV;
|
||||
ret = 0;
|
||||
break;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef HAVE_SPHINCS
|
||||
case SPHINCS_FAST_LEVEL1_TYPE:
|
||||
@ -27509,10 +27248,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
|
||||
(cert->keyType == DILITHIUM_LEVEL3_KEY) ||
|
||||
(cert->keyType == DILITHIUM_LEVEL5_KEY) ||
|
||||
(cert->keyType == DILITHIUM_AES_LEVEL2_KEY) ||
|
||||
(cert->keyType == DILITHIUM_AES_LEVEL3_KEY) ||
|
||||
(cert->keyType == DILITHIUM_AES_LEVEL5_KEY)) {
|
||||
(cert->keyType == DILITHIUM_LEVEL5_KEY)) {
|
||||
if (dilithiumKey == NULL)
|
||||
return PUBLIC_KEY_E;
|
||||
|
||||
@ -28269,24 +28005,12 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
cert->keyType = FALCON_LEVEL5_KEY;
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
|
||||
&& (dilithiumKey->sym == SHAKE_VARIANT))
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2))
|
||||
cert->keyType = DILITHIUM_LEVEL2_KEY;
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
|
||||
&& (dilithiumKey->sym == SHAKE_VARIANT))
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3))
|
||||
cert->keyType = DILITHIUM_LEVEL3_KEY;
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
|
||||
&& (dilithiumKey->sym == SHAKE_VARIANT))
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5))
|
||||
cert->keyType = DILITHIUM_LEVEL5_KEY;
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
|
||||
&& (dilithiumKey->sym == AES_VARIANT))
|
||||
cert->keyType = DILITHIUM_AES_LEVEL2_KEY;
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
|
||||
&& (dilithiumKey->sym == AES_VARIANT))
|
||||
cert->keyType = DILITHIUM_AES_LEVEL3_KEY;
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
|
||||
&& (dilithiumKey->sym == AES_VARIANT))
|
||||
cert->keyType = DILITHIUM_AES_LEVEL5_KEY;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef HAVE_SPHINCS
|
||||
else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
|
||||
@ -28378,30 +28102,15 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
|
||||
&& (dilithiumKey->sym == SHAKE_VARIANT)) {
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) {
|
||||
cert->keyType = DILITHIUM_LEVEL2_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
|
||||
&& (dilithiumKey->sym == SHAKE_VARIANT)) {
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) {
|
||||
cert->keyType = DILITHIUM_LEVEL3_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
|
||||
&& (dilithiumKey->sym == SHAKE_VARIANT)) {
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) {
|
||||
cert->keyType = DILITHIUM_LEVEL5_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
|
||||
&& (dilithiumKey->sym == AES_VARIANT)) {
|
||||
cert->keyType = DILITHIUM_AES_LEVEL2_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
|
||||
&& (dilithiumKey->sym == AES_VARIANT)) {
|
||||
cert->keyType = DILITHIUM_AES_LEVEL3_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
|
||||
&& (dilithiumKey->sym == AES_VARIANT)) {
|
||||
cert->keyType = DILITHIUM_AES_LEVEL5_KEY;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef HAVE_SPHINCS
|
||||
else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
|
||||
@ -28692,12 +28401,6 @@ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_LEVEL5_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL2_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL3_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL5_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
|
||||
sphincsKey = (sphincs_key*)key;
|
||||
else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
|
||||
@ -28998,10 +28701,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
|
||||
#if defined(HAVE_DILITHIUM)
|
||||
if ((cert->keyType == DILITHIUM_LEVEL2_KEY) ||
|
||||
(cert->keyType == DILITHIUM_LEVEL3_KEY) ||
|
||||
(cert->keyType == DILITHIUM_LEVEL5_KEY) ||
|
||||
(cert->keyType == DILITHIUM_AES_LEVEL2_KEY) ||
|
||||
(cert->keyType == DILITHIUM_AES_LEVEL3_KEY) ||
|
||||
(cert->keyType == DILITHIUM_AES_LEVEL5_KEY)) {
|
||||
(cert->keyType == DILITHIUM_LEVEL5_KEY)) {
|
||||
if (dilithiumKey == NULL)
|
||||
return PUBLIC_KEY_E;
|
||||
der->publicKeySz = wc_Dilithium_PublicKeyToDer(dilithiumKey,
|
||||
@ -29334,24 +29034,12 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
cert->keyType = FALCON_LEVEL5_KEY;
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
|
||||
&& (dilithiumKey->sym == SHAKE_VARIANT))
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2))
|
||||
cert->keyType = DILITHIUM_LEVEL2_KEY;
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
|
||||
&& (dilithiumKey->sym == SHAKE_VARIANT))
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3))
|
||||
cert->keyType = DILITHIUM_LEVEL3_KEY;
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
|
||||
&& (dilithiumKey->sym == SHAKE_VARIANT))
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5))
|
||||
cert->keyType = DILITHIUM_LEVEL5_KEY;
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
|
||||
&& (dilithiumKey->sym == AES_VARIANT))
|
||||
cert->keyType = DILITHIUM_AES_LEVEL2_KEY;
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
|
||||
&& (dilithiumKey->sym == AES_VARIANT))
|
||||
cert->keyType = DILITHIUM_AES_LEVEL3_KEY;
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
|
||||
&& (dilithiumKey->sym == AES_VARIANT))
|
||||
cert->keyType = DILITHIUM_AES_LEVEL5_KEY;
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef HAVE_SPHINCS
|
||||
else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
|
||||
@ -29444,30 +29132,15 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
|
||||
}
|
||||
#endif /* HAVE_FALCON */
|
||||
#ifdef HAVE_DILITHIUM
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
|
||||
&& (dilithiumKey->sym == SHAKE_VARIANT)) {
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) {
|
||||
cert->keyType = DILITHIUM_LEVEL2_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
|
||||
&& (dilithiumKey->sym == SHAKE_VARIANT)) {
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) {
|
||||
cert->keyType = DILITHIUM_LEVEL3_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
|
||||
&& (dilithiumKey->sym == SHAKE_VARIANT)) {
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) {
|
||||
cert->keyType = DILITHIUM_LEVEL5_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)
|
||||
&& (dilithiumKey->sym == AES_VARIANT)) {
|
||||
cert->keyType = DILITHIUM_AES_LEVEL2_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)
|
||||
&& (dilithiumKey->sym == AES_VARIANT)) {
|
||||
cert->keyType = DILITHIUM_AES_LEVEL3_KEY;
|
||||
}
|
||||
else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)
|
||||
&& (dilithiumKey->sym == AES_VARIANT)) {
|
||||
cert->keyType = DILITHIUM_AES_LEVEL5_KEY;
|
||||
}
|
||||
#endif /* HAVE_DILITHIUM */
|
||||
#ifdef HAVE_SPHINCS
|
||||
else if ((sphincsKey != NULL) && (sphincsKey->level == 1)
|
||||
@ -29665,12 +29338,6 @@ int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType,
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_LEVEL5_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL2_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL3_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL5_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
|
||||
sphincsKey = (sphincs_key*)key;
|
||||
else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
|
||||
@ -29809,12 +29476,6 @@ int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz,
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_LEVEL5_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL2_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL3_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL5_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
|
||||
sphincsKey = (sphincs_key*)key;
|
||||
else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
|
||||
@ -29985,12 +29646,6 @@ int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_LEVEL5_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL2_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL3_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL5_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
|
||||
sphincsKey = (sphincs_key*)key;
|
||||
else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
|
||||
@ -30044,12 +29699,6 @@ int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_LEVEL5_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL2_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL3_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == DILITHIUM_AES_LEVEL5_TYPE)
|
||||
dilithiumKey = (dilithium_key*)key;
|
||||
else if (keyType == SPHINCS_FAST_LEVEL1_TYPE)
|
||||
sphincsKey = (sphincs_key*)key;
|
||||
else if (keyType == SPHINCS_FAST_LEVEL3_TYPE)
|
||||
|
@ -76,26 +76,16 @@ int wc_dilithium_sign_msg(const byte* in, word32 inLen,
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
if ((key->sym == SHAKE_VARIANT) && (key->level == 2)) {
|
||||
if (key->level == 2) {
|
||||
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_2);
|
||||
}
|
||||
else if ((key->sym == SHAKE_VARIANT) && (key->level == 3)) {
|
||||
else if (key->level == 3) {
|
||||
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_3);
|
||||
}
|
||||
else if ((key->sym == SHAKE_VARIANT) && (key->level == 5)) {
|
||||
else if (key->level == 5) {
|
||||
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_5);
|
||||
}
|
||||
else if ((key->sym == AES_VARIANT) && (key->level == 2)) {
|
||||
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_2_aes);
|
||||
}
|
||||
else if ((key->sym == AES_VARIANT) && (key->level == 3)) {
|
||||
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_3_aes);
|
||||
}
|
||||
else if ((key->sym == AES_VARIANT) && (key->level == 5)) {
|
||||
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_5_aes);
|
||||
}
|
||||
|
||||
if (oqssig == NULL) {
|
||||
else {
|
||||
ret = SIG_TYPE_E;
|
||||
}
|
||||
}
|
||||
@ -164,26 +154,16 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
|
||||
}
|
||||
|
||||
if (ret == 0) {
|
||||
if ((key->sym == SHAKE_VARIANT) && (key->level == 2)) {
|
||||
if (key->level == 2) {
|
||||
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_2);
|
||||
}
|
||||
else if ((key->sym == SHAKE_VARIANT) && (key->level == 3)) {
|
||||
else if (key->level == 3) {
|
||||
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_3);
|
||||
}
|
||||
else if ((key->sym == SHAKE_VARIANT) && (key->level == 5)) {
|
||||
else if (key->level == 5) {
|
||||
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_5);
|
||||
}
|
||||
else if ((key->sym == AES_VARIANT) && (key->level == 2)) {
|
||||
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_2_aes);
|
||||
}
|
||||
else if ((key->sym == AES_VARIANT) && (key->level == 3)) {
|
||||
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_3_aes);
|
||||
}
|
||||
else if ((key->sym == AES_VARIANT) && (key->level == 5)) {
|
||||
oqssig = OQS_SIG_new(OQS_SIG_alg_dilithium_5_aes);
|
||||
}
|
||||
|
||||
if (oqssig == NULL) {
|
||||
else {
|
||||
ret = SIG_TYPE_E;
|
||||
}
|
||||
}
|
||||
@ -227,10 +207,9 @@ int wc_dilithium_init(dilithium_key* key)
|
||||
*
|
||||
* key [out] Dilithium key.
|
||||
* level [in] Either 2,3 or 5.
|
||||
* sym [in] Either SHAKE_VARIANT or AES_VARIANT.
|
||||
* returns BAD_FUNC_ARG when key is NULL or level or sym are bad values.
|
||||
* returns BAD_FUNC_ARG when key is NULL or level is a bad values.
|
||||
*/
|
||||
int wc_dilithium_set_level_and_sym(dilithium_key* key, byte level, byte sym)
|
||||
int wc_dilithium_set_level(dilithium_key* key, byte level)
|
||||
{
|
||||
if (key == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
@ -240,25 +219,19 @@ int wc_dilithium_set_level_and_sym(dilithium_key* key, byte level, byte sym)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (sym != SHAKE_VARIANT && sym != AES_VARIANT) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
key->level = level;
|
||||
key->sym = sym;
|
||||
key->pubKeySet = 0;
|
||||
key->prvKeySet = 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Get the level and symmetric variant of the dilithium private/public key.
|
||||
/* Get the level of the dilithium private/public key.
|
||||
*
|
||||
* key [in] Dilithium key.
|
||||
* level [out] The level.
|
||||
* sym [out] The symetric variant. SHAKE_VARIANT or AES_VARIANT.
|
||||
* returns BAD_FUNC_ARG when key is NULL or level has not been set.
|
||||
*/
|
||||
int wc_dilithium_get_level_and_sym(dilithium_key* key, byte* level, byte* sym)
|
||||
int wc_dilithium_get_level(dilithium_key* key, byte* level)
|
||||
{
|
||||
if (key == NULL || level == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
@ -268,12 +241,7 @@ int wc_dilithium_get_level_and_sym(dilithium_key* key, byte* level, byte* sym)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (key->sym != SHAKE_VARIANT && key->sym != AES_VARIANT) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
*level = key->level;
|
||||
*sym = key->sym;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -365,10 +333,6 @@ int wc_dilithium_import_public(const byte* in, word32 inLen,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (key->sym != SHAKE_VARIANT && key->sym != AES_VARIANT) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if ((key->level == 2) && (inLen != DILITHIUM_LEVEL2_PUB_KEY_SIZE)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
@ -401,10 +365,6 @@ static int parse_private_key(const byte* priv, word32 privSz,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (key->sym != SHAKE_VARIANT && key->sym != AES_VARIANT) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* At this point, it is still a PKCS8 private key. */
|
||||
if ((ret = ToTraditionalInline(priv, &idx, privSz)) < 0) {
|
||||
return ret;
|
||||
@ -553,7 +513,8 @@ int wc_dilithium_import_private_key(const byte* priv, word32 privSz,
|
||||
* BUFFER_E when outLen is less than DILITHIUM_LEVEL2_KEY_SIZE,
|
||||
* 0 otherwise.
|
||||
*/
|
||||
int wc_dilithium_export_private_only(dilithium_key* key, byte* out, word32* outLen)
|
||||
int wc_dilithium_export_private_only(dilithium_key* key, byte* out,
|
||||
word32* outLen)
|
||||
{
|
||||
/* sanity checks on arguments */
|
||||
if ((key == NULL) || (out == NULL) || (outLen == NULL)) {
|
||||
@ -564,10 +525,6 @@ int wc_dilithium_export_private_only(dilithium_key* key, byte* out, word32* outL
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (key->sym != SHAKE_VARIANT && key->sym != AES_VARIANT) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* check and set up out length */
|
||||
if ((key->level == 2) && (*outLen < DILITHIUM_LEVEL2_KEY_SIZE)) {
|
||||
*outLen = DILITHIUM_LEVEL2_KEY_SIZE;
|
||||
@ -618,10 +575,6 @@ int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if (key->sym != SHAKE_VARIANT && key->sym != AES_VARIANT) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if ((key->level == 2) && (*outLen < DILITHIUM_LEVEL2_PRV_KEY_SIZE)) {
|
||||
*outLen = DILITHIUM_LEVEL2_PRV_KEY_SIZE;
|
||||
return BUFFER_E;
|
||||
@ -817,24 +770,15 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if ((key->level == 2) && (key->sym == SHAKE_VARIANT)) {
|
||||
if (key->level == 2) {
|
||||
keytype = DILITHIUM_LEVEL2k;
|
||||
}
|
||||
else if ((key->level == 3) && (key->sym == SHAKE_VARIANT)) {
|
||||
else if (key->level == 3) {
|
||||
keytype = DILITHIUM_LEVEL3k;
|
||||
}
|
||||
else if ((key->level == 5) && (key->sym == SHAKE_VARIANT)) {
|
||||
else if (key->level == 5) {
|
||||
keytype = DILITHIUM_LEVEL5k;
|
||||
}
|
||||
if ((key->level == 2) && (key->sym == AES_VARIANT)) {
|
||||
keytype = DILITHIUM_AES_LEVEL2k;
|
||||
}
|
||||
else if ((key->level == 3) && (key->sym == AES_VARIANT)) {
|
||||
keytype = DILITHIUM_AES_LEVEL3k;
|
||||
}
|
||||
else if ((key->level == 5) && (key->sym == AES_VARIANT)) {
|
||||
keytype = DILITHIUM_AES_LEVEL5k;
|
||||
}
|
||||
else {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
@ -865,24 +809,15 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if ((key->level == 2) && (key->sym == SHAKE_VARIANT)) {
|
||||
if (key->level == 2) {
|
||||
keytype = DILITHIUM_LEVEL2k;
|
||||
}
|
||||
else if ((key->level == 3) && (key->sym == SHAKE_VARIANT)) {
|
||||
else if (key->level == 3) {
|
||||
keytype = DILITHIUM_LEVEL3k;
|
||||
}
|
||||
else if ((key->level == 5) && (key->sym == SHAKE_VARIANT)) {
|
||||
else if (key->level == 5) {
|
||||
keytype = DILITHIUM_LEVEL5k;
|
||||
}
|
||||
if ((key->level == 2) && (key->sym == AES_VARIANT)) {
|
||||
keytype = DILITHIUM_AES_LEVEL2k;
|
||||
}
|
||||
else if ((key->level == 3) && (key->sym == AES_VARIANT)) {
|
||||
keytype = DILITHIUM_AES_LEVEL3k;
|
||||
}
|
||||
else if ((key->level == 5) && (key->sym == AES_VARIANT)) {
|
||||
keytype = DILITHIUM_AES_LEVEL5k;
|
||||
}
|
||||
else {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
@ -920,24 +855,15 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 inLen,
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if ((key->level == 2) && (key->sym == SHAKE_VARIANT)) {
|
||||
if (key->level == 2) {
|
||||
keytype = DILITHIUM_LEVEL2k;
|
||||
}
|
||||
else if ((key->level == 3) && (key->sym == SHAKE_VARIANT)) {
|
||||
else if (key->level == 3) {
|
||||
keytype = DILITHIUM_LEVEL3k;
|
||||
}
|
||||
else if ((key->level == 5) && (key->sym == SHAKE_VARIANT)) {
|
||||
else if (key->level == 5) {
|
||||
keytype = DILITHIUM_LEVEL5k;
|
||||
}
|
||||
if ((key->level == 2) && (key->sym == AES_VARIANT)) {
|
||||
keytype = DILITHIUM_AES_LEVEL2k;
|
||||
}
|
||||
else if ((key->level == 3) && (key->sym == AES_VARIANT)) {
|
||||
keytype = DILITHIUM_AES_LEVEL3k;
|
||||
}
|
||||
else if ((key->level == 5) && (key->sym == AES_VARIANT)) {
|
||||
keytype = DILITHIUM_AES_LEVEL5k;
|
||||
}
|
||||
else {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
@ -958,36 +884,21 @@ int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 inLen)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if ((key->level == 2) && (key->sym == SHAKE_VARIANT)) {
|
||||
if (key->level == 2) {
|
||||
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p,
|
||||
DILITHIUM_LEVEL2_KEY_SIZE, output, inLen,
|
||||
DILITHIUM_LEVEL2k);
|
||||
}
|
||||
else if ((key->level == 3) && (key->sym == SHAKE_VARIANT)) {
|
||||
else if (key->level == 3) {
|
||||
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p,
|
||||
DILITHIUM_LEVEL3_KEY_SIZE, output, inLen,
|
||||
DILITHIUM_LEVEL3k);
|
||||
}
|
||||
else if ((key->level == 5) && (key->sym == SHAKE_VARIANT)) {
|
||||
else if (key->level == 5) {
|
||||
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p,
|
||||
DILITHIUM_LEVEL5_KEY_SIZE, output, inLen,
|
||||
DILITHIUM_LEVEL5k);
|
||||
}
|
||||
else if ((key->level == 2) && (key->sym == AES_VARIANT)) {
|
||||
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p,
|
||||
DILITHIUM_LEVEL2_KEY_SIZE, output, inLen,
|
||||
DILITHIUM_AES_LEVEL2k);
|
||||
}
|
||||
else if ((key->level == 3) && (key->sym == AES_VARIANT)) {
|
||||
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p,
|
||||
DILITHIUM_LEVEL3_KEY_SIZE, output, inLen,
|
||||
DILITHIUM_AES_LEVEL3k);
|
||||
}
|
||||
else if ((key->level == 5) && (key->sym == AES_VARIANT)) {
|
||||
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p,
|
||||
DILITHIUM_LEVEL5_KEY_SIZE, output, inLen,
|
||||
DILITHIUM_AES_LEVEL5k);
|
||||
}
|
||||
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
@ -998,30 +909,18 @@ int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 inLen)
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
if ((key->level == 2) && (key->sym == SHAKE_VARIANT)) {
|
||||
if (key->level == 2) {
|
||||
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0, output,
|
||||
inLen, DILITHIUM_LEVEL2k);
|
||||
}
|
||||
else if ((key->level == 3) && (key->sym == SHAKE_VARIANT)) {
|
||||
else if (key->level == 3) {
|
||||
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0, output,
|
||||
inLen, DILITHIUM_LEVEL3k);
|
||||
}
|
||||
else if ((key->level == 5) && (key->sym == SHAKE_VARIANT)) {
|
||||
else if (key->level == 5) {
|
||||
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0, output,
|
||||
inLen, DILITHIUM_LEVEL5k);
|
||||
}
|
||||
else if ((key->level == 2) && (key->sym == AES_VARIANT)) {
|
||||
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0, output,
|
||||
inLen, DILITHIUM_AES_LEVEL2k);
|
||||
}
|
||||
else if ((key->level == 3) && (key->sym == AES_VARIANT)) {
|
||||
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0, output,
|
||||
inLen, DILITHIUM_AES_LEVEL3k);
|
||||
}
|
||||
else if ((key->level == 5) && (key->sym == AES_VARIANT)) {
|
||||
return SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0, output,
|
||||
inLen, DILITHIUM_AES_LEVEL5k);
|
||||
}
|
||||
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
1754
wolfssl/certs_test.h
1754
wolfssl/certs_test.h
File diff suppressed because it is too large
Load Diff
@ -1610,13 +1610,6 @@ enum Misc {
|
||||
DILITHIUM_LEVEL5_SA_MAJOR = 0xFE,
|
||||
DILITHIUM_LEVEL5_SA_MINOR = 0xA5,
|
||||
|
||||
DILITHIUM_AES_LEVEL2_SA_MAJOR = 0xFE,
|
||||
DILITHIUM_AES_LEVEL2_SA_MINOR = 0xA7,
|
||||
DILITHIUM_AES_LEVEL3_SA_MAJOR = 0xFE,
|
||||
DILITHIUM_AES_LEVEL3_SA_MINOR = 0xAA,
|
||||
DILITHIUM_AES_LEVEL5_SA_MAJOR = 0xFE,
|
||||
DILITHIUM_AES_LEVEL5_SA_MINOR = 0xAC,
|
||||
|
||||
MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
|
||||
MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
|
||||
|
||||
@ -3568,9 +3561,6 @@ enum SignatureAlgorithm {
|
||||
dilithium_level2_sa_algo = 14,
|
||||
dilithium_level3_sa_algo = 15,
|
||||
dilithium_level5_sa_algo = 16,
|
||||
dilithium_aes_level2_sa_algo = 17,
|
||||
dilithium_aes_level3_sa_algo = 18,
|
||||
dilithium_aes_level5_sa_algo = 19,
|
||||
invalid_sa_algo = 255
|
||||
};
|
||||
|
||||
|
@ -1095,9 +1095,6 @@ enum Key_Sum {
|
||||
DILITHIUM_LEVEL2k = 213, /* 1.3.6.1.4.1.2.267.7.4.4 */
|
||||
DILITHIUM_LEVEL3k = 216, /* 1.3.6.1.4.1.2.267.7.6.5 */
|
||||
DILITHIUM_LEVEL5k = 220, /* 1.3.6.1.4.1.2.267.7.8.7 */
|
||||
DILITHIUM_AES_LEVEL2k = 217,/* 1.3.6.1.4.1.2.267.11.4.4 */
|
||||
DILITHIUM_AES_LEVEL3k = 221,/* 1.3.6.1.4.1.2.267.11.6.5 + 1 (See GetOID() in asn.c) */
|
||||
DILITHIUM_AES_LEVEL5k = 224,/* 1.3.6.1.4.1.2.267.11.8.7 */
|
||||
SPHINCS_FAST_LEVEL1k = 281, /* 1 3 9999 6 7 4 */
|
||||
SPHINCS_FAST_LEVEL3k = 283, /* 1 3 9999 6 8 3 + 2 (See GetOID() in asn.c) */
|
||||
SPHINCS_FAST_LEVEL5k = 282, /* 1 3 9999 6 9 3 */
|
||||
@ -2243,9 +2240,6 @@ enum cert_enums {
|
||||
DILITHIUM_LEVEL2_KEY = 18,
|
||||
DILITHIUM_LEVEL3_KEY = 19,
|
||||
DILITHIUM_LEVEL5_KEY = 20,
|
||||
DILITHIUM_AES_LEVEL2_KEY = 21,
|
||||
DILITHIUM_AES_LEVEL3_KEY = 22,
|
||||
DILITHIUM_AES_LEVEL5_KEY = 23,
|
||||
SPHINCS_FAST_LEVEL1_KEY = 24,
|
||||
SPHINCS_FAST_LEVEL3_KEY = 25,
|
||||
SPHINCS_FAST_LEVEL5_KEY = 26,
|
||||
|
@ -148,9 +148,6 @@ enum CertType {
|
||||
DILITHIUM_LEVEL2_TYPE,
|
||||
DILITHIUM_LEVEL3_TYPE,
|
||||
DILITHIUM_LEVEL5_TYPE,
|
||||
DILITHIUM_AES_LEVEL2_TYPE,
|
||||
DILITHIUM_AES_LEVEL3_TYPE,
|
||||
DILITHIUM_AES_LEVEL5_TYPE,
|
||||
SPHINCS_FAST_LEVEL1_TYPE,
|
||||
SPHINCS_FAST_LEVEL3_TYPE,
|
||||
SPHINCS_FAST_LEVEL5_TYPE,
|
||||
@ -199,9 +196,6 @@ enum Ctc_SigType {
|
||||
CTC_DILITHIUM_LEVEL2 = 213,
|
||||
CTC_DILITHIUM_LEVEL3 = 216,
|
||||
CTC_DILITHIUM_LEVEL5 = 220,
|
||||
CTC_DILITHIUM_AES_LEVEL2 = 217,
|
||||
CTC_DILITHIUM_AES_LEVEL3 = 221,
|
||||
CTC_DILITHIUM_AES_LEVEL5 = 224,
|
||||
|
||||
CTC_SPHINCS_FAST_LEVEL1 = 281,
|
||||
CTC_SPHINCS_FAST_LEVEL3 = 283,
|
||||
|
@ -65,16 +65,12 @@
|
||||
#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL5_PUB_KEY_SIZE
|
||||
#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE
|
||||
|
||||
#define SHAKE_VARIANT 1
|
||||
#define AES_VARIANT 2
|
||||
|
||||
/* Structs */
|
||||
|
||||
struct dilithium_key {
|
||||
bool pubKeySet;
|
||||
bool prvKeySet;
|
||||
byte level; /* 2,3 or 5 */
|
||||
byte sym; /* SHAKE_VARIANT or AES_VARIANT */
|
||||
byte p[DILITHIUM_MAX_PUB_KEY_SIZE];
|
||||
byte k[DILITHIUM_MAX_PRV_KEY_SIZE];
|
||||
};
|
||||
@ -96,9 +92,9 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
|
||||
WOLFSSL_API
|
||||
int wc_dilithium_init(dilithium_key* key);
|
||||
WOLFSSL_API
|
||||
int wc_dilithium_set_level_and_sym(dilithium_key* key, byte level, byte sym);
|
||||
int wc_dilithium_set_level(dilithium_key* key, byte level);
|
||||
WOLFSSL_API
|
||||
int wc_dilithium_get_level_and_sym(dilithium_key* key, byte* level, byte *sym);
|
||||
int wc_dilithium_get_level(dilithium_key* key, byte* level);
|
||||
WOLFSSL_API
|
||||
void wc_dilithium_free(dilithium_key* key);
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user